The Garam Group Blog

Stay current on new technology and business practices

Cybersecurity and Ransomware: Why one small 8-computer company paid the $150,000 ransom and what you can do to protect yourself


In recent news, just a week ago, a small manufacturing company in the Midwest with only 8 computers had its computer network held hostage and wound up paying a ransom of $150,000 to regain control of it. If you thought your network or business was too small to fall victim to this type of cybercrime, think again!

We write a lot of articles about the importance of not only having the right network security systems in place but also making sure all your people have cybersecurity training. You and your employees need to be aware of typical cybersecurity threats and trained to recognize typical phishing email scams, so they don’t click on links or give up login credentials that will allow hackers to gain access to your network.

It’s not only large companies that are attacked

A small cabinet manufacturer in Kentucky learned this lesson the hard way this week. Check out this interview TechRepublic did with their CFO, where he explains how they learned about the attack and why they decided to pay the $150,000 ransom (which was originally set at $400,000) to regain control of their network.

Their CFO said they were a small company with just 8 PCs in a building and never thought something like this would even be possible, until late on a Saturday night he received an email from a coworker saying, “Hey, you’re under attack.” The screens of all their computers were basically black, saying “we have control of your network and you need to pay this ransom if you want them back.”

It all started with someone clicking on a link in a phishing email

They believe this started because someone clicked on a link in a phishing email that somehow gave the cybercriminals access to the network. They spoke with their insurance company and an IT contact to confirm this was a real attack, and decided not to contact authorities, as it is often very hard to locate the hackers and hold them accountable. They were relieved that they were not a healthcare business or one holding people’s personal information or proprietary company information, so the attack did not put other people at risk beyond bringing their own business to a grinding halt.

They worked throughout the weekend and decided to pay the hefty ransomware fee in bitcoin as they realized how reliant they were on their computers and IT.

“Luckily our machinery in the plant isn’t connected to our network, but all the processes you use to tell that machine how to work are now a black screen and you can’t do anything, and you find out very quickly that 25 men and women out in the plant that are used to being very good at their jobs are held, with no ability to do their jobs because they don’t even remember how to do it without that computer. And yeah, at that point we just circled around and said, this isn’t a matter of do we pay them? It’s a matter of how do we pay them because if we don’t pay them, we don’t have a way out of this, and business just stops, so it’s quite a scary situation.”

They believe the hacking group was most likely Eastern European. While they were clearly upset that they got hacked, they were at least grateful that it was a group known to actually honor the ransom agreement and give your data back once you pay them.

An eye-opening experience

This is a horrible story and should be eye-opening for almost any business. Everyone thinks these types of attacks only happen to larger companies, but this is proof that no company is too small to need a solid cybersecurity plan.

It’s not just a matter of having firewalls and antivirus in place, which most companies have. A critical element often left unaddressed is making sure all your people have the proper cybersecurity training and know what to look for, so they don’t fall victim to phishing emails and other typical online scams.

These emails often look legitimate, and if you don’t know what to look for, all it takes is one click to compromise your network.

What can you do to protect your business?

All it takes is one employee to cause a data breach. Make sure your employees are prepared and don’t fall prey to these types of attacks. So what can you do to protect your company and your people?

Contact us at The Garam Group and ask about our Breach Secure Now Cybersecurity Training Program. We offer an affordable, comprehensive cybersecurity training and assessment platform. It involves short on-demand video training, simulated phishing tests, dark web monitoring, security policies, and an interactive portal.

Contact us today at 315-473-9600 to learn more and get started.
